The exceptionally scary design flaw in Intel’s processors (as well as other manufacturers silicon), that could put nearly all Mac, Windows, and Linux users at risk, appears to have been primarily addressed in the recent macOS 10.13.2 update.

The security flaw is unable to be patched by a firmware update from Intel, and requires OS manufacturers to issue an update to resolve. Aside from security concerns, there is also a significant hit to performance on some systems with the fix in place.

The bug could allow attackers to exploit this weakness to access passwords, security keys, and files that were cached to the disk. The kernel in operating systems have control over the entirety of your system. It connects different parts like the processor, memory, and different pieces of hardware. Intel, as well as other processor manufacturers, have a flaw that could let an attacker bypass the kernels protections and read the contents of the kernel’s memory.

The details of the bug have mostly been kept under wraps, as part of an NDA between hardware and software developers so that they have time to try to patch the issue before malware can take advantage of it.

The fix was found by developer Alex Lonescu, and he describes in a series of tweets and images the changes Apple has implemented in 10.13.2. There are also more changes coming in 10.13.3, though Lonescu is prohibited from revealing what those are as it is currently under a developer NDA. AppleInsider also has reported that they have their own sources who have confirmed the patch in 10.13.2 and 10.13.3.

The way to fix the issue is to essentially separate the kernel’s memory away from the user’s processes. Something known as “Kernel Page Table Isolation.” Unfortunately, that can take a toll on the system. At least, on Windows and Linux machines.

Apple’s patch in 10.13.12, seems to show no noticeable detrimental performance. At least on machines that use PCID (Process-Context Identifiers) which is most modern Macs.

Since being made public, Intel has also released a statement, calling out other manufacturers that also suffer from the same security issue.

  • Waiting for Microsoft to fix it too

    • Rowan09

      Good luck. I’m still waiting for a fix after they came out with Windows 8 and 10. Drum roll. ??

  • Siri Tim Cook Holness

    U spelled silicon wrong silicone is like rubbery stuff

    • drpepper70

      Like boobs

      • Siri Tim Cook Holness

        Yep

  • AB

    Another reason why AMD > Intel. The tides are changing and AMD CPUs will be faster and more secure starting with the Zen 2 refresh!

    • Personally I’d love to see Apple switch to making their own chips again. When you consider that the mobile chips in the iPhone 8 perform at a similar benchmark to the Intel i5 found in the MacBook Pro (all while using less power and producing less heat), it would be amazing to see what Apple could do with a desktop grade chipset.

      • Siri Tim Cook Holness

        Not just similar it actually performs Better

    • Siri Tim Cook Holness

      Nope amd will NEVER be better than Intel all they will ever be is a cheap alternative and tbh if they ever did perform better Intel would probs get mad and terminate their X86 license on the spot

  • Nelson

    Computer security just isn’t what it used to be.